October 14, 2006

"I want my Google Data Privacy"

My earlier post on Google Data Privacy seems to have resonated with quite a few people. This is great, I think it's a really good discussion to be having. My general sense of most of the responses I've seen is "Google, we like your services and we want to trust you, but we're pretty nervous about having so much of our private data in your hands." One netizen even started a petition to that effect, heh.

I should point out, my original post was pretty much a quick off-the-cuff reaction to noticing how many Google apps I'd been using. I think the idea of "Google Data Privacy" is definitely an interesting starting point, but as stated it was too simplistic and not well thought through. Given the level of interest and also some of the good critical comments, that's something I want to push on a bit.

One point made in various places is that focusing on Google is too narrow; our personal information is held by dozens or hundreds of 3rd parties, mostly beyond our control. I agree, this is not just about about Google. The issue of online data privacy is tremendously broad, and applies equally to all online service providers including ISPs, e-commerce sites, web mail systems, financial services, corporate IT departments, and on and on. Microsoft Live and MyYahoo are obviously similar, just to name two. Our private data is smeared all over the Net, and Google is just one of the more prominent lumps.

What about trust? Some commenters suggested that they trust Google to do the right thing. OK, as long as Google stay true to their roots I think that has some validity. But try this experiment: instead of saying "I trust Google with my personal data", substitute "Microsoft", "Yahoo", "AOL", "NewsCorp", "AT&T", "Verizon", "BT", "Comcast", "HP", "IBM", or "Cisco" and see how you feel. It varies a lot, doesn't it? Yet to a greater or lesser degree and depending on who you are, all of these companies have some level of access to a lot of people's online activity data. So I agree -- a trust relationship can be extremely important, but trust has to be earned and maintained, it can be extremely fragile, and there may be weak links in the chain.

Another issue that has been raised is, could we really expect Google to give its users control over our data in a way that could hurt its business? I don't know, certainly they would have to draw the line somewhere. But let's look at it a different way. We're having this discussion because Google is doing the best job of building a wide range of services that I and lots of other people love and find extraordinarily useful, but also because we're getting nervous about them. It might be in Google's best interest to take the moral high ground on such an important issue, because it's good PR, good for customer loyalty, and good as a competitive differentiator. In other words, it's good business. Google Data Privacy could be a way for GOOG to "do well by doing good."

I think that if Google built GDP, not only would it be good for their own business and all of its users, it would raise the bar for every other online service provider as well. No single company can solve the world's online data privacy problems, but Google has the ability, the cultural heritage, and the industry stature to make a credible step forward.